“What this basically means is that anyone with a vulnerable version of the tool (which maintains persistence on the system and therefore is always running) might be directed by an attacker to a specific website designed to exploit the flaw in the program and execute any commands the attacker wishes,” Malwarebytes researcher Adam Kujawa wrote in a blog post published Friday. “This could potentially lead to malware being installed without user awareness, stolen credentials, damaged system configuration and more.”
Read MoreSelect your language